Mon 12 February 2024
🛠️ Enhanced Dynamic Analysis
Over the past month, significant advancements have been made in dynamic analysis. We've expanded our capabilities to include instrumentation support for Java, Kotlin, Swift, and Dart 🚀. We've also enhanced our detection mechanisms, identifying over 1,365 new vulnerable patterns in Swift and 846 in Dart.
🗝️ Refined IAM Management
We've fine-tuned IAM management by introducing two new roles: Reader, offering read-only access, and Attack Surface Auditor, designated for conducting thorough audits of the attack surface. This update ensures more tailored and secure access management.
🔍 More Detailed Attack Surface Insights
The Attack Surface feature now provides more detailed access control, tailored per Owner. This update enhances both the precision of discovered asset recommendations and the specificity of access rights, ensuring more secure and efficient management of assets.
🛡️ Enhanced XSS Detection Capabilities
Our XSS Detection capabilities have undergone a significant overhaul, leading to better detection rates and broader coverage. We've added several new payloads and re-engineered our approach to authenticated testing, greatly enhancing the robustness of authentication during tests.
📦 Advanced Vulnerable Dependency Detection
We've improved the correlation between application fingerprints and known-vulnerability searches. This enhancement has led to the detection of over 150% more new packages across various frameworks and languages, significantly boosting our ability to identify and mitigate vulnerabilities.
🐞 Bug Fixes
- Resolved an issue causing errors in the detection of source map code leaks.
- Fixed an error encountered when evaluating IP reputation.
- Addressed a bug that prevented the crawler from collecting request and response headers.
- Improved handling of large arguments collected during dynamic analysis.
- Corrected an issue with XSS tab timeouts, ensuring no findings are missed.
- Updated and clarified descriptions in our knowledge base entries.
- Fixed CSV validation errors during asset imports.
- Enhanced the computation of vulnerability DNA in the XSS Agent for more accurate detection.